doorkeeper 5.0.3 → 5.1.0.rc1





Files changed (65) hide show
  1. checksums.yaml +4 -4
  2. data/.travis.yml +7 -3
  3. data/Dangerfile +5 -2
  4. data/Gemfile +3 -1
  5. data/NEWS.md +20 -13
  6. data/README.md +1 -1
  7. data/app/controllers/doorkeeper/applications_controller.rb +3 -3
  8. data/app/controllers/doorkeeper/authorized_applications_controller.rb +1 -1
  9. data/app/controllers/doorkeeper/tokens_controller.rb +6 -6
  10. data/app/views/doorkeeper/applications/show.html.erb +1 -1
  11. data/app/views/layouts/doorkeeper/admin.html.erb +5 -3
  12. data/bin/console +15 -0
  13. data/gemfiles/rails_4_2.gemfile +1 -0
  14. data/gemfiles/rails_5_0.gemfile +1 -0
  15. data/gemfiles/rails_5_1.gemfile +1 -0
  16. data/gemfiles/rails_5_2.gemfile +2 -1
  17. data/gemfiles/rails_master.gemfile +1 -0
  18. data/lib/doorkeeper.rb +1 -0
  19. data/lib/doorkeeper/config.rb +73 -6
  20. data/lib/doorkeeper/helpers/controller.rb +3 -2
  21. data/lib/doorkeeper/models/access_grant_mixin.rb +8 -1
  22. data/lib/doorkeeper/models/access_token_mixin.rb +40 -9
  23. data/lib/doorkeeper/models/application_mixin.rb +52 -1
  24. data/lib/doorkeeper/models/concerns/hashable.rb +137 -0
  25. data/lib/doorkeeper/models/concerns/scopes.rb +1 -1
  26. data/lib/doorkeeper/oauth/authorization/code.rb +1 -1
  27. data/lib/doorkeeper/oauth/authorization/token.rb +1 -1
  28. data/lib/doorkeeper/oauth/authorization_code_request.rb +1 -1
  29. data/lib/doorkeeper/oauth/client.rb +1 -1
  30. data/lib/doorkeeper/oauth/client_credentials/validation.rb +4 -3
  31. data/lib/doorkeeper/oauth/code_response.rb +2 -2
  32. data/lib/doorkeeper/oauth/helpers/scope_checker.rb +23 -8
  33. data/lib/doorkeeper/oauth/helpers/uri_checker.rb +32 -0
  34. data/lib/doorkeeper/oauth/password_access_token_request.rb +7 -2
  35. data/lib/doorkeeper/oauth/pre_authorization.rb +8 -3
  36. data/lib/doorkeeper/oauth/refresh_token_request.rb +4 -1
  37. data/lib/doorkeeper/oauth/token_response.rb +2 -2
  38. data/lib/doorkeeper/orm/active_record/access_grant.rb +22 -2
  39. data/lib/doorkeeper/orm/active_record/application.rb +12 -53
  40. data/lib/doorkeeper/version.rb +3 -3
  41. data/lib/generators/doorkeeper/templates/initializer.rb +41 -1
  42. data/spec/controllers/application_metal_controller_spec.rb +18 -4
  43. data/spec/controllers/tokens_controller_spec.rb +7 -11
  44. data/spec/dummy/app/controllers/application_controller.rb +1 -1
  45. data/spec/factories.rb +3 -3
  46. data/spec/lib/config_spec.rb +84 -0
  47. data/spec/lib/models/hashable_spec.rb +183 -0
  48. data/spec/lib/oauth/base_request_spec.rb +7 -7
  49. data/spec/lib/oauth/client_credentials/validation_spec.rb +3 -0
  50. data/spec/lib/oauth/helpers/scope_checker_spec.rb +52 -17
  51. data/spec/lib/oauth/helpers/uri_checker_spec.rb +20 -2
  52. data/spec/lib/oauth/password_access_token_request_spec.rb +32 -11
  53. data/spec/lib/oauth/pre_authorization_spec.rb +24 -0
  54. data/spec/lib/oauth/token_response_spec.rb +13 -13
  55. data/spec/lib/oauth/token_spec.rb +14 -0
  56. data/spec/models/doorkeeper/access_grant_spec.rb +61 -0
  57. data/spec/models/doorkeeper/access_token_spec.rb +123 -0
  58. data/spec/models/doorkeeper/application_spec.rb +227 -295
  59. data/spec/requests/flows/authorization_code_spec.rb +40 -0
  60. data/spec/requests/flows/password_spec.rb +4 -2
  61. data/spec/requests/flows/revoke_token_spec.rb +14 -30
  62. data/spec/spec_helper.rb +2 -1
  63. data/spec/support/ruby_2_6_rails_4_2_patch.rb +14 -0
  64. data/spec/support/shared/hashing_shared_context.rb +29 -0
  65. metadata +12 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 897eb14bd6b334b3b9f69f5cd54bfe524baddc09b3f96159f29a3c0b32b89d9b
4
- data.tar.gz: b7bdd3e4d3cef46cb68fca0ac0bc854b5fa28c170c70a244b331b223d035d16f
3
+ metadata.gz: 5773ab2b97881fdf1bb6fa66a4e176299d58c536f354ea9e9f4f7bb6dc0dcdea
4
+ data.tar.gz: 69ac6937d7eb7786a8c9ac331f540ef5aa1321b7c0624a0778c7437151764569
5
5
  SHA512:
6
- metadata.gz: ff4eb6145d1a432a2cb31055ccf4fcbbaa0d91f3cb8c59ad061ede4d25b6ca345e1b5404c7180816524b5e0c650e359189d42790be61d025eeb940781accac52
7
- data.tar.gz: 30463a001c175d07cecda2f760ed669c5c460c6fd0e3ed802b9988c8ca3b15e80fd335022f61b9cec9954d7906c53e160a3462df8988f9f0a756dff2a7452cb1
6
+ metadata.gz: 5e4b8470847ab8e642d50d27972838c0b5181b3c97c4a25afca18861b3878e513346f7b72d5c5d6c31b5d8513d90c1e6426e0cfcfce51a06b1e04e563ae09ab0
7
+ data.tar.gz: 79c4363faf9a3f41bc639ee6e6ec756efbd99a96e4670e788bc4201b6f69eb992ffc95f2f56e3efbcd5645f2ed76e2c8d29f6e9807ffb6841becd31d868c6963
@@ -1,5 +1,5 @@
1
- cache: bundler
2
1
  language: ruby
2
+ cache: bundler
3
3
  sudo: false
4
4
 
5
5
  rvm:
@@ -8,10 +8,12 @@ rvm:
8
8
  - 2.3
9
9
  - 2.4
10
10
  - 2.5
11
- - ruby-2.6.0-preview1
11
+ - 2.6
12
+ - ruby-head
12
13
 
13
14
  before_install:
14
- - gem update --system # Need for Ruby 2.5.0. https://github.com/travis-ci/travis-ci/issues/8978
15
+ - "find /home/travis/.rvm/rubies -wholename '*default/bundler-*.gemspec' -delete"
16
+ - rvm @global do gem uninstall bundler -a -x -I || true
15
17
  - gem install bundler -v '~> 1.10'
16
18
 
17
19
  gemfile:
@@ -41,5 +43,7 @@ matrix:
41
43
  rvm: 2.2
42
44
  - gemfile: gemfiles/rails_master.gemfile
43
45
  rvm: 2.3
46
+ - gemfile: gemfiles/rails_master.gemfile
47
+ rvm: 2.4
44
48
  allow_failures:
45
49
  - gemfile: gemfiles/rails_master.gemfile
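--- a/data/Dangerfile
+++ b/data/Dangerfile
@@ -17,7 +17,7 @@ end
 # --------------------------------------------------------------------------------------------------------------------
 # Has any changes happened inside the actual library code?
 # --------------------------------------------------------------------------------------------------------------------
-has_app_changes = !git.modified_files.grep(/lib/).empty?
+has_app_changes = !git.modified_files.grep(/lib|app/).empty?
 has_spec_changes = !git.modified_files.grep(/spec/).empty?
 
 # --------------------------------------------------------------------------------------------------------------------
@@ -52,7 +52,10 @@ Here's an example of a #{CHANGELOG_FILE} entry:
 ```
 MARKDOWN
 
-fail("Please include a changelog entry. \nYou can find it at [#{CHANGELOG_FILE}](#{GITHUB_REPO}/blob/master/#{CHANGELOG_FILE}).")
+warn(
+"Please include a changelog entry. \nYou can find it at [#{CHANGELOG_FILE}](#{GITHUB_REPO}/blob/master/#{CHANGELOG_FILE})." +
+"You can skip this warning only if you made some typo fix or other small changes that didn't affect the API."
+)
 end
 
 if git.commits.any? { |commit| commit.message =~ /^Merge branch '#{github.branch_for_base}'/ }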
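Review bot: In the `warn(` call at the end of the second hunk the two concatenated literals have no separator, so the rendered message reads `...#{CHANGELOG_FILE}).You can skip this warning...`; start the second literal with a space or newline, e.g. `"\nYou can skip this warning only if you made some typo fix or other small changes that didn't affect the API."`. In the first hunk `/lib|app/` is an unanchored substring match, so paths such as `spec/lib/...` or any file name containing `app` are counted as library changes; `%r{\A(lib|app)/}` limits it to the two top-level directories. The `if` block enclosing the `warn` call starts outside the hunk.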
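--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,9 +1,11 @@
 source "https://rubygems.org"
 
-gem "rails", "~> 5.2"
+gem "rails", ">= 5.2.1.1", "< 6.0"
 
 gem "appraisal"
 
+gem "bcrypt", "~> 3.1"
+
 gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
 gem "sqlite3", platform: [:ruby, :mswin, :mingw, :x64_mingw]
 gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw]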
data/NEWS.md CHANGED
@@ -5,10 +5,17 @@ upgrade guides.
5
5
 
6
6
  User-visible changes worth mentioning.
7
7
 
8
- ## 5.0.3
9
-
10
- [#1371] Backport: Add #as_json method and attributes serialization restriction for Application model.
11
- Fixes information disclosure vulnerability (CVE-2020-10187).
8
+ ## master
9
+
10
+ - [#1188] Use `params` instead of `request.POST` in tokens controller (fixes #1183).
11
+ - [#1179] Authorization Code Grant Flow without client id returns invalid_client error.
12
+ - [#1182] Fix loopback IP redirect URIs to conform with RFC8252, p. 7.3 (fixes #1170).
13
+ - [#1177] Allow to limit `scopes` for certain `grant_types`
14
+ - [#1162] Fix `enforce_content_type` for requests without body.
15
+ - [#1164] Fix error when `root_path` is not defined.
16
+ - [#1175] Internal refactor: use `scopes_string` inside `scopes`.
17
+ - [#1176] Fix test factory support for `factory_bot_rails`
18
+ - [#1168]: Allow optional hashing of tokens and secrets.
12
19
 
13
20
  ## 5.0.2
14
21
 
@@ -59,12 +66,12 @@ User-visible changes worth mentioning.
59
66
  `Doorkeeper#installed?` method
60
67
  - [#1031] Allow public clients to authenticate without `client_secret`. Define an app as
61
68
  either public or private/confidential
62
-
69
+
63
70
  **[IMPORTANT]**: all the applications (clients) now are considered as private by default.
64
71
  You need to manually change `confidential` column to `false` if you are using public clients,
65
72
  in other case your mobile (or other) applications will not be able to authorize.
66
73
  See [#1142](https://github.com/doorkeeper-gem/doorkeeper/issues/1142) for more details.
67
-
74
+
68
75
  - [#1010] Add configuration to enforce configured scopes (`default_scopes` and
69
76
  `optional_scopes`) for applications
70
77
  - [#1060] Ensure that the native redirect_uri parameter matches with redirect_uri of the client
@@ -82,26 +89,26 @@ User-visible changes worth mentioning.
82
89
  - [#1076] Add config to enforce content type to application/x-www-form-urlencoded
83
90
  - Fix bug with `force_ssl_in_redirect_uri` when it breaks existing applications with an
84
91
  SSL redirect_uri.
85
-
92
+
86
93
  ## 4.4.3
87
-
94
+
88
95
  - [#1143] Adds a config option `opt_out_native_route_change` to opt out of the breaking api
89
96
  changed introduced in https://github.com/doorkeeper-gem/doorkeeper/pull/1003
90
97
 
91
-
98
+
92
99
  ## 4.4.2
93
100
 
94
101
  - [#1130] Backport fix for native redirect_uri from 5.x.
95
-
102
+
96
103
  ## 4.4.1
97
104
 
98
105
  - [#1127] Backport token type to comply with the RFC6750 specification.
99
106
  - [#1125] Backport Quote surround I18n yes/no keys
100
-
107
+
101
108
  ## 4.4.0
102
-
109
+
103
110
  - [#1120] Backport security fix from 5.x for token revocation when using public clients
104
-
111
+
105
112
  **[IMPORTANT]**: all the applications (clients) now are considered as private by default.
106
113
  You need to manually change `confidential` column to `false` if you are using public clients,
107
114
  in other case your mobile (or other) applications will not be able to authorize.
data/README.md CHANGED
@@ -117,7 +117,7 @@ migration:
117
117
  [PKCE flow]: https://tools.ietf.org/html/rfc7636
118
118
 
119
119
  ```sh
120
- rails generate doorkeeper:pkce
120
+ rails generate doorkeeper:pkce
121
121
  ```
122
122
 
123
123
  Then run migrations:
@@ -19,7 +19,7 @@ module Doorkeeper
19
19
  def show
20
20
  respond_to do |format|
21
21
  format.html
22
- format.json { render json: @application, as_owner: true }
22
+ format.json { render json: @application }
23
23
  end
24
24
  end
25
25
 
@@ -35,7 +35,7 @@ module Doorkeeper
35
35
 
36
36
  respond_to do |format|
37
37
  format.html { redirect_to oauth_application_url(@application) }
38
- format.json { render json: @application, as_owner: true }
38
+ format.json { render json: @application }
39
39
  end
40
40
  else
41
41
  respond_to do |format|
@@ -53,7 +53,7 @@ module Doorkeeper
53
53
 
54
54
  respond_to do |format|
55
55
  format.html { redirect_to oauth_application_url(@application) }
56
- format.json { render json: @application, as_owner: true }
56
+ format.json { render json: @application }
57
57
  end
58
58
  else
59
59
  respond_to do |format|
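Review bot: `format.json { render json: @application }` in all three hunks drops the `as_owner: true` option, and the NEWS hunk on this page records that 5.0.3 (#1371, CVE-2020-10187) restricted Application attribute serialization precisely through `#as_json`; the same applies to the `authorized_applications_controller` hunk, where `current_resource_owner:` is dropped from the index render. Since 5.1.0.rc1 appears to predate that backport, anyone moving from 5.0.3 to this release should verify that this version's `Application#as_json` (changed in `application_mixin.rb` / `application.rb`, not shown here) still withholds `secret` and other owner-only attributes from JSON responses to non-owners; otherwise this reintroduces the information disclosure the 5.0.3 entry describes. The `show`, `create` and `update` actions each continue outside their hunks.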
@@ -9,7 +9,7 @@ module Doorkeeper
9
9
 
10
10
  respond_to do |format|
11
11
  format.html
12
- format.json { render json: @applications, current_resource_owner: current_resource_owner }
12
+ format.json { render json: @applications }
13
13
  end
14
14
  end
15
15
 
@@ -4,11 +4,11 @@ module Doorkeeper
4
4
  class TokensController < Doorkeeper::ApplicationMetalController
5
5
  def create
6
6
  response = authorize_response
7
- headers.merge! response.headers
7
+ headers.merge!(response.headers)
8
8
  self.response_body = response.body.to_json
9
9
  self.status = response.status
10
- rescue Errors::DoorkeeperError => e
11
- handle_token_exception e
10
+ rescue Errors::DoorkeeperError => error
11
+ handle_token_exception(error)
12
12
  end
13
13
 
14
14
  # OAuth 2.0 Token Revocation - http://tools.ietf.org/html/rfc7009
@@ -75,12 +75,12 @@ module Doorkeeper
75
75
  end
76
76
 
77
77
  def token
78
- @token ||= AccessToken.by_token(request.POST['token']) ||
79
- AccessToken.by_refresh_token(request.POST['token'])
78
+ @token ||= AccessToken.by_token(params['token']) ||
79
+ AccessToken.by_refresh_token(params['token'])
80
80
  end
81
81
 
82
82
  def strategy
83
- @strategy ||= server.token_request params[:grant_type]
83
+ @strategy ||= server.token_request(params[:grant_type])
84
84
  end
85
85
 
86
86
  def authorize_response
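Review bot: Reading `token` from `params['token']` instead of `request.POST['token']` in the second hunk means the revocation token is now also accepted from the query string, where it is written to web-server and proxy access logs; RFC 7009 (linked in the comment above `revoke`) defines the token as a form-encoded body parameter. If query-string delivery is not intended, `request.request_parameters['token']` keeps it to the request body (and also covers JSON bodies); if it is intended, the host application must list `token` in `filter_parameters` so it is not logged. `TokensController` continues outside both hunks.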
@@ -8,7 +8,7 @@
8
8
  <p><code class="bg-light" id="application_id"><%= @application.uid %></code></p>
9
9
 
10
10
  <h4><%= t('.secret') %>:</h4>
11
- <p><code class="bg-light" id="secret"><%= @application.secret %></code></p>
11
+ <p><code class="bg-light" id="secret"><%= @application.plaintext_secret %></code></p>
12
12
 
13
13
  <h4><%= t('.scopes') %>:</h4>
14
14
  <p><code class="bg-light" id="scopes"><%= @application.scopes.presence || raw('&nbsp;') %></code></p>
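Review bot: The `secret` cell now renders `@application.plaintext_secret`, but with the new `hash_application_secrets` option (config.rb hunks on this page) the persisted value is a hash and the plaintext is presumably available only on the request that generated it, so later visits to this page would render an empty `<code>` element with no explanation — I cannot see `plaintext_secret` here, so please confirm. If so, fall back to a hint, e.g. `<%= @application.plaintext_secret.presence || t('.secret_hashed') %>` (constructed translation key), so administrators know the secret was shown once and cannot be recovered from the UI.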
@@ -17,9 +17,11 @@
17
17
  <li class="nav-item <%= 'active' if request.path == oauth_applications_path %>">
18
18
  <%= link_to t('doorkeeper.layouts.admin.nav.applications'), oauth_applications_path, class: 'nav-link' %>
19
19
  </li>
20
- <li class="nav-item">
21
- <%= link_to t('doorkeeper.layouts.admin.nav.home'), root_path, class: 'nav-link' %>
22
- </li>
20
+ <% if respond_to?(:root_path) %>
21
+ <li class="nav-item">
22
+ <%= link_to t('doorkeeper.layouts.admin.nav.home'), root_path, class: 'nav-link' %>
23
+ </li>
24
+ <% end %>
23
25
  </ul>
24
26
  </div>
25
27
  </nav>
@@ -0,0 +1,15 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require 'bundler/setup'
4
+ require 'rails/all'
5
+ require 'doorkeeper'
6
+
7
+ # You can add fixtures and/or initialization code here to make experimenting
8
+ # with your gem easier. You can also use a different console, if you like.
9
+
10
+ # (If you use this, don't forget to add pry to your Gemfile!)
11
+ # require "pry"
12
+ # Pry.start
13
+
14
+ require 'irb'
15
+ IRB.start(__FILE__)
@@ -3,6 +3,7 @@
3
3
  source "https://rubygems.org"
4
4
 
5
5
  gem "rails", "~> 4.2.0"
6
+ gem "bcrypt", "~> 3.1"
6
7
  gem "appraisal"
7
8
  gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
8
9
  gem "sqlite3", platform: [:ruby, :mswin, :mingw, :x64_mingw]
@@ -3,6 +3,7 @@
3
3
  source "https://rubygems.org"
4
4
 
5
5
  gem "rails", "~> 5.0.0"
6
+ gem "bcrypt", "~> 3.1"
6
7
  gem "appraisal"
7
8
  gem "activerecord-jdbcsqlite3-adapter", platforms: :jruby
8
9
  gem "sqlite3", platforms: [:ruby, :mswin, :mingw, :x64_mingw]
@@ -3,6 +3,7 @@
3
3
  source "https://rubygems.org"
4
4
 
5
5
  gem "rails", "~> 5.1.0"
6
+ gem "bcrypt", "~> 3.1"
6
7
  gem "appraisal"
7
8
  gem "activerecord-jdbcsqlite3-adapter", platforms: :jruby
8
9
  gem "sqlite3", platforms: [:ruby, :mswin, :mingw, :x64_mingw]
@@ -2,7 +2,8 @@
2
2
 
3
3
  source "https://rubygems.org"
4
4
 
5
- gem "rails", "5.2.0"
5
+ gem "rails", "~> 5.2.0"
6
+ gem "bcrypt", "~> 3.1"
6
7
  gem "appraisal"
7
8
  gem "activerecord-jdbcsqlite3-adapter", platforms: :jruby
8
9
  gem "sqlite3", platforms: [:ruby, :mswin, :mingw, :x64_mingw]
@@ -6,6 +6,7 @@ gem "rails", git: 'https://github.com/rails/rails'
6
6
  gem "arel", git: 'https://github.com/rails/arel'
7
7
 
8
8
  gem "appraisal"
9
+ gem "bcrypt", "~> 3.1"
9
10
  gem "activerecord-jdbcsqlite3-adapter", platform: :jruby
10
11
  gem "sqlite3", platform: [:ruby, :mswin, :mingw, :x64_mingw]
11
12
  gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw]
@@ -56,6 +56,7 @@ require 'doorkeeper/models/concerns/scopes'
56
56
  require 'doorkeeper/models/concerns/expirable'
57
57
  require 'doorkeeper/models/concerns/revocable'
58
58
  require 'doorkeeper/models/concerns/accessible'
59
+ require 'doorkeeper/models/concerns/hashable'
59
60
 
60
61
  require 'doorkeeper/models/access_grant_mixin'
61
62
  require 'doorkeeper/models/access_token_mixin'
@@ -46,6 +46,7 @@ module Doorkeeper
46
46
  end
47
47
 
48
48
  def build
49
+ @config.validate
49
50
  @config
50
51
  end
51
52
 
@@ -83,6 +84,13 @@ module Doorkeeper
83
84
  @config.instance_variable_set(:@optional_scopes, OAuth::Scopes.from_array(scopes))
84
85
  end
85
86
 
87
+ # Define scopes_by_grant_type to limit certain scope to certain grant_type
88
+ # @param { Hash } with grant_types as keys.
89
+ # Default set to {} i.e. no limitation on scopes usage
90
+ def scopes_by_grant_type(hash = {})
91
+ @config.instance_variable_set(:@scopes_by_grant_type, hash)
92
+ end
93
+
86
94
  # Change the way client credentials are retrieved from the request object.
87
95
  # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
88
96
  # falls back to the `:client_id` and `:client_secret` params from the
@@ -136,6 +144,24 @@ module Doorkeeper
136
144
  def enforce_content_type
137
145
  @config.instance_variable_set(:@enforce_content_type, true)
138
146
  end
147
+
148
+ # Allow optional hashing of input tokens before persisting them.
149
+ # Will be used for hashing of input token and grants.
150
+ def hash_token_secrets
151
+ @config.instance_variable_set(:@hash_token_secrets, true)
152
+ end
153
+
154
+ # Allow optional hashing of application secrets before persisting them.
155
+ # Will be used for hashing of input token and grants.
156
+ def hash_application_secrets
157
+ @config.instance_variable_set(:@hash_application_secrets, true)
158
+ end
159
+
160
+ # Allow plain value lookup when using +hash_token_secrets+
161
+ # or +hash_application_secrets+ to avoid disrupting application experience
162
+ def fallback_to_plain_secrets
163
+ @config.instance_variable_set(:@fallback_to_plain_secrets, true)
164
+ end
139
165
  end
140
166
 
141
167
  module Option
@@ -286,9 +312,14 @@ module Doorkeeper
286
312
  option :base_controller,
287
313
  default: 'ActionController::Base'
288
314
 
289
- attr_reader :reuse_access_token
290
- attr_reader :api_only
291
- attr_reader :enforce_content_type
315
+ attr_reader :api_only,
316
+ :enforce_content_type,
317
+ :reuse_access_token
318
+
319
+ # Return the valid subset of this configuration
320
+ def validate
321
+ validate_reuse_access_token_value
322
+ end
292
323
 
293
324
  def api_only
294
325
  @api_only ||= false
@@ -307,21 +338,33 @@ module Doorkeeper
307
338
  end
308
339
 
309
340
  def enforce_configured_scopes?
310
- !!(defined?(@enforce_configured_scopes) && @enforce_configured_scopes)
341
+ option_set? :enforce_configured_scopes
311
342
  end
312
343
 
313
344
  def enable_application_owner?
314
- !!(defined?(@enable_application_owner) && @enable_application_owner)
345
+ option_set? :enable_application_owner
315
346
  end
316
347
 
317
348
  def confirm_application_owner?
318
- !!(defined?(@confirm_application_owner) && @confirm_application_owner)
349
+ option_set? :confirm_application_owner
319
350
  end
320
351
 
321
352
  def raise_on_errors?
322
353
  handle_auth_errors == :raise
323
354
  end
324
355
 
356
+ def hash_token_secrets?
357
+ option_set? :hash_token_secrets
358
+ end
359
+
360
+ def hash_application_secrets?
361
+ option_set? :hash_application_secrets
362
+ end
363
+
364
+ def fallback_to_plain_secrets?
365
+ option_set? :fallback_to_plain_secrets
366
+ end
367
+
325
368
  def default_scopes
326
369
  @default_scopes ||= OAuth::Scopes.new
327
370
  end
@@ -334,6 +377,10 @@ module Doorkeeper
334
377
  @scopes ||= default_scopes + optional_scopes
335
378
  end
336
379
 
380
+ def scopes_by_grant_type
381
+ @scopes_by_grant_type ||= {}
382
+ end
383
+
337
384
  def client_credentials_methods
338
385
  @client_credentials_methods ||= %i[from_basic from_params]
339
386
  end
@@ -352,6 +399,12 @@ module Doorkeeper
352
399
 
353
400
  private
354
401
 
402
+ # Helper to read boolearized configuration option
403
+ def option_set?(instance_key)
404
+ var = instance_variable_get("@#{instance_key}")
405
+ !!(defined?(var) && var)
406
+ end
407
+
355
408
  # Determines what values are acceptable for 'response_type' param in
356
409
  # authorization request endpoint, and return them as an array of strings.
357
410
  #
@@ -370,5 +423,19 @@ module Doorkeeper
370
423
  types << 'refresh_token' if refresh_token_enabled?
371
424
  types
372
425
  end
426
+
427
+ # Determine whether +reuse_access_token+ and +hash_token_secrets+
428
+ # have both been activated.
429
+ #
430
+ # In that case, disable reuse_access_token value and warn the user.
431
+ def validate_reuse_access_token_value
432
+ return unless hash_token_secrets? && reuse_access_token
433
+
434
+ ::Rails.logger.warn(
435
+ 'You are configured both reuse_access_token AND hash_token_secrets. ' \
436
+ 'This combination is unsupported. reuse_access_token will be disabled'
437
+ )
438
+ @reuse_access_token = false
439
+ end
373
440
  end
374
441
  end
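Review bot: The comment above `hash_application_secrets` in the third hunk repeats the `hash_token_secrets` text ("Will be used for hashing of input token and grants.") and so misdescribes the option; it should read `# Will be used for hashing of application (client) secrets.`. Because `fallback_to_plain_secrets` keeps plain-value lookups working, a plaintext row stored before hashing was enabled still authenticates, so its comment should state that hashing protects only secrets written after the option is on and that the fallback is a transitional setting to remove once existing rows have been rotated. In `option_set?`, `defined?(var)` on the local just assigned from `instance_variable_get` is always truthy, so the body reduces to `!!instance_variable_get("@#{instance_key}")`, and "boolearized" in its comment is a typo for "booleanized". The `validate` comment "Return the valid subset of this configuration" does not match the method, which mutates `@reuse_access_token` and returns nothing useful, and the logged warning should read "You have configured both reuse_access_token AND hash_token_secrets."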